| Question.61 Your organization is a financial company that needs to store audit log files for 3 years. Your organization has hundreds of Google Cloud projects. You need to implement a cost-effective approach for log file retention. What should you do? (A) Create an export to the sink that saves logs from Cloud Audit to BigQuery. (B) Create an export to the sink that saves logs from Cloud Audit to a Coldline Storage bucket. (C) Write a custom script that uses logging API to copy the logs from Stackdriver logs to BigQuery. (D) Export these logs to Cloud Pub/Sub and write a Cloud Dataflow pipeline to store logs to Cloud SQL. |
61. Click here to View Answer
Answer : A
Reference:
https://cloud.google.com/logging/docs/audit/
| Question.62 You want to run a single caching HTTP reverse proxy on GCP for a latency-sensitive website. This specific reverse proxy consumes almost no CPU. You want to have a 30-GB in-memory cache, and need an additional 2 GB of memory for the rest of the processes. You want to minimize cost. How should you run this reverse proxy? (A) Create a Cloud Memorystore for Redis instance with 32-GB capacity. (B) Run it on Compute Engine, and choose a custom instance type with 6 vCPUs and 32 GB of memory. (C) Package it in a container image, and run it on Kubernetes Engine, using n1-standard-32 instances as nodes. (D) Run it on Compute Engine, choose the instance type n1-standard-1, and add an SSD persistent disk of 32 GB. |
62. Click here to View Answer
Answer : B
| Question.63 You are hosting an application on bare-metal servers in your own data center. The application needs access to Cloud Storage. However, security policies prevent the servers hosting the application from having public IP addresses or access to the internet. You want to follow Google-recommended practices to provide the application with access to Cloud Storage. What should you do? (A) 1. Use nslookup to get the IP address for storage.googleapis.com. 2. Negotiate with the security team to be able to give a public IP address to the servers. 3. Only allow egress traffic from those servers to the IP addresses for storage.googleapis.com. (B) 1. Using Cloud VPN, create a VPN tunnel to a Virtual Private Cloud (VPC) in Google Cloud. 2. In this VPC, create a Compute Engine instance and install the Squid proxy server on this instance. 3. Configure your servers to use that instance as a proxy to access Cloud Storage. (C) 1. Use Migrate for Compute Engine (formerly known as Velostrata) to migrate those servers to Compute Engine. 2. Create an internal load balancer (ILB) that uses storage.googleapis.com as backend. 3. Configure your new instances to use this ILB as proxy. (D) 1. Using Cloud VPN or Interconnect, create a tunnel to a VPC in Google Cloud. 2. Use Cloud Router to create a custom route advertisement for 199.36.153.4/30. Announce that network to your on-premises network through the VPN tunnel. 3. In your on-premises network, configure your DNS server to resolve *.googleapis.com as a CNAME to restricted.googleapis.com. |
63. Click here to View Answer
Answer : C
| Question.64 You want to deploy an application on Cloud Run that processes messages from a Cloud Pub/Sub topic. You want to follow Google-recommended practices. What should you do? (A)1. Create a Cloud Function that uses a Cloud Pub/Sub trigger on that topic. 2. Call your application on Cloud Run from the Cloud Function for every message. (B) 1. Grant the Pub/Sub Subscriber role to the service account used by Cloud Run. 2. Create a Cloud Pub/Sub subscription for that topic. 3. Make your application pull messages from that subscription. (C) 1. Create a service account. 2. Give the Cloud Run Invoker role to that service account for your Cloud Run application. 3. Create a Cloud Pub/Sub subscription that uses that service account and uses your Cloud Run application as the push endpoint. (D) 1. Deploy your application on Cloud Run on GKE with the connectivity set to Internal. 2. Create a Cloud Pub/Sub subscription for that topic. 3. In the same Google Kubernetes Engine cluster as your application, deploy a container that takes the messages and sends them to your application. |
64. Click here to View Answer
Answer : D
| Question.65 You need to deploy an application, which is packaged in a container image, in a new project. The application exposes an HTTP endpoint and receives very few requests per day. You want to minimize costs. What should you do? (A) Deploy the container on Cloud Run. (B) Deploy the container on Cloud Run on GKE. (C) Deploy the container on App Engine Flexible. (D) Deploy the container on GKE with cluster autoscaling and horizontal pod autoscaling enabled. |
65. Click here to View Answer
Answer : B